commit a987e1d2f8e0cafa6e5d1a47acc98b56eaf97ffc
author XiaokangQian <xiaokang.qian@arm.com> Sat May 07 01:25:58 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Sat May 07 01:37:04 2022 +0000
tree d3dbbbdcc027cc2aec0b4fdc3820382b67464417
parent ec6efb98bc676addb4ecbf436ddad502a650c0b5

Change state machine after encrypted extension and update cases

Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 191dc54..ef9cd17 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -733,30 +733,6 @@
     return( ret );
 }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
-#define SSL_CERTIFICATE_REQUEST_SKIP         1
-/* Coordination:
- * Check whether a CertificateRequest message should be written.
- * Returns a negative code on failure, or
- * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST
- * - SSL_CERTIFICATE_REQUEST_SKIP
- * indicating if the writing of the CertificateRequest
- * should be skipped or not.
- */
-static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
-{
-    int authmode;
-
-    authmode = ssl->conf->authmode;
-
-    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
-        return( SSL_CERTIFICATE_REQUEST_SKIP );
-
-    return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
 /*
  * Handler for MBEDTLS_SSL_SERVER_HELLO
  */
@@ -1170,14 +1146,7 @@
         mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
     else
     {
-        MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
-        if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
-        else
-        {
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
-            ret = 0;
-        }
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
     }
 #else
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
@@ -1190,6 +1159,28 @@
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
+#define SSL_CERTIFICATE_REQUEST_SKIP         1
+/* Coordination:
+ * Check whether a CertificateRequest message should be written.
+ * Returns a negative code on failure, or
+ * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST
+ * - SSL_CERTIFICATE_REQUEST_SKIP
+ * indicating if the writing of the CertificateRequest
+ * should be skipped or not.
+ */
+static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
+{
+    int authmode;
+
+    authmode = ssl->conf->authmode;
+
+    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+        return( SSL_CERTIFICATE_REQUEST_SKIP );
+
+    return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
+}
+
 /*
  * struct {
  *   opaque certificate_request_context<0..2^8-1>;